package com.security.order.controller;

import com.security.order.model.UserDTO;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

/**
 * REST endpoints of the order resource service; each handler is guarded by a
 * method-level authority check.
 *
 * <p>The {@code @PreAuthorize} expressions below are evaluated only when Spring Security
 * method security is enabled (for example
 * {@code @EnableGlobalMethodSecurity(prePostEnabled = true)}). That configuration is not
 * part of this file. NOTE(review): confirm it is present, because without it the
 * annotations have no effect and both endpoints rely solely on the URL-level rules.
 *
 * @author wangning
 * @create 2021-03-27 8:43
 */
@RestController
public class OrderController {

	/**
	 * Returns the authenticated caller's username followed by the marker for resource 1.
	 *
	 * @return the principal's username concatenated with {@code "资源111"}
	 */
	@GetMapping("/r1")
	@PreAuthorize("hasAnyAuthority('p1')") // only callers holding authority p1 may access
	public String r1() {
		SecurityContext context = SecurityContextHolder.getContext();
		// Presumably the authentication step elsewhere stores a UserDTO as the principal;
		// verify against that code. Any other principal type fails the cast below with a
		// ClassCastException.
		Object principal = context.getAuthentication().getPrincipal();
		UserDTO currentUser = (UserDTO) principal;
		return currentUser.getUsername() + "资源111";
	}

	/**
	 * Returns the fixed marker for resource 2.
	 *
	 * @return the constant {@code "资源222"}
	 */
	@GetMapping("/r2")
	@PreAuthorize("hasAnyAuthority('p2')") // only callers holding authority p2 may access
	public String r2() {
		final String resource = "资源222";
		return resource;
	}
}
